CVE-2017-15101 — Stack-based Buffer Overflow in Liblouis

CWE-121 — Stack-based Buffer Overflow CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources

Severity

9.8CRITICALNVD

CNA7.8

EPSS

0.3%

top 45.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Liblouis Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +3 more

Timeline

PublishedJul 27

Latest updateMay 13

Description

A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶NVDliblouis/liblouis< 2.5.4

▶Ubuntuliblouis/liblouis< 2.5.3-2ubuntu1.2

▶CVEListV5liblouis/liblouis2.5.4

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Also affects: Enterprise Linux 7.4, 7.5

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-hxf5-6w8g-jf87: A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2↗2022-05-13

▶

CVEList

CVE-2017-15101: A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2↗2018-07-27

▶

OSV

CVE-2017-15101: A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2↗2018-07-27

▶

📋Vendor Advisories

Red Hat

liblouis: incomplete fix for CVE-2014-8184↗2017-11-02

▶

Debian

CVE-2017-15101: liblouis - A missing patch for a stack-based buffer overflow in findTable() was found in Re...↗2017

▶

💬Community

Bugzilla

CVE-2017-15101 liblouis: incomplete fix for CVE-2014-8184↗2017-11-08

▶